KingRoan

Hi, it was an inbound connection again on port 445 with a strange IP Adress. ( Even tho i blocked the Port in the Firewall itself?) In that time i was using opera again, not firefox like before. No link or App involved. The export is in the attachments. What I also did is, I picked out all the IP addresses that tried to connect to me and did a reverse IP check. So I found out where they are hosted. I wrote a complaint to the corresponding places, and even received one answer so far: I am curious what will result from it. I also made all the Updates you mentioned above. And if nothing else can be done, so be it. I'll just have to live with the thought that apparently someone wants very urgently on my PC😁 Block-yesterday.txt

WELL, it doesnt seem like it.. Got a new block message, ah ffs 🙃

Hi, okay, let's hope that from now on there will be silence😁 SecurityCheck is attached. SecurityCheck.txt

Hi, yeah im very greatful for that protection! Is it actually possible to predict what can happen if such a connection is succesfully established? Teeworlds is a game i play, I was wondering already why I couldn't get on a specific server until I saw that it was blocked by MB. I will just stay away from the server. However, the incoming connections do not come from the game. I have the rule in place now that all incoming connections are blocked on port 445. So now this means that these connections are blocked before MB detects them? And many thanks already at this point for all the help^^

Hi, done! mbst-grab-results.zip

Hi, i did all that. Firefox was good after that and showed a normal behaviour. I still continued to use another browser out of caution. However, just now these connections were blocked 2 times again, in a period of 40 minutes. So apparently it was not Firefox after all :(

Hi again, So the Sophos scan was clean. I have attached the only file that was created. It only says that some things could not be opened. - To come back to the connections: After I blocked the RDP sessions in the settings, I accidentally went back into Firefox and it was blocked again. That was 2 days ago. After that I didn't open Firefox again and no more connections have been blocked since then. ( But I didnt use my pc much either) So does this mean that there is something in Firefox? SophosVirusRemovalTool.log

Hi again, i did that scan too. It found known programs that were already in the bin. So here no hint either, how the connections come about. Scan.txt

Done too! It only found Cheatengine, which is a known program. But i deleted it anyways. mbar-log-2021-12-23 (22-00-02).txt system-log.txt

Hi, the full scan is finished. msert.log

Okay, thanks! So i did step four from that tutorial, "To Force Disable Remote Desktop Connections to this Computer in Local Group Policy Editor". I checked my router, the firewall there is already enabled. Now another question, how do these attacks happen? Are there people who just randomly target IP addresses and try to connect to them? Or do I have something on my PC that tells the attackers to "connect"?

Hi there Maurice, Firefox was open at the time and so was gmail, however I did not read any email. Other browsers are installed too but i didnt use them in ages. Only use Firefox really. After I wrote the post here, after some time I pressed the refresh button ( to see if there was already a reply) and right after that another connection was blocked. I also put that one again in the attachment. Now i can spam the refresh button but nothing happens🤨. Also, the scan with the program did not find anything. AdwCleaner[S00].txt 61dfe2aa-6353-11ec-b97c-18c04d3625a0.txt

Hello, Since a few days I have the following problem, and that is that Malwarebytes always blocks compromised websites/connections at startup. But I do not go to any websites. I have attached the Malwarebytes logs along with the Farbar logs. However, since I can't attach JSON files, I copied the contents of the files to a .txt file. What I noticed in the newer logs is that the ProcessPath has changed from "Firefox" to "System"? According to MBAM these are incoming connections? I hope someone here can help me understand what these blocked connections are about Thanks in advance! FRST.txt Addition.txt 19e9bfd0-6046-11ec-b356-18c04d3625a0.txt dd765df4-60e2-11ec-86b2-18c04d3625a0.txt 36438490-634d-11ec-a746-18c04d3625a0.txt